lightning-architecture-review

Fail

Audited by Snyk on Mar 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These URLs include a forum post, an unfamiliar .win project site, and a GitHub repository owned by a numeric/suspicious-looking account (likely low community vetting). None are official, well-established sources, and the GitHub account in particular matches a high-risk indicator for distributing untrusted binaries, so they pose a moderate-to-high risk if the agent is asked to download or run executables from them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Instructions and References explicitly direct the agent to consult public third-party resources (e.g., the SuperScalar GitHub repo https://github.com/8144225309/SuperScalar and related website/forum links), which are untrusted, user-generated sources the agent would be expected to read and that could materially influence its analysis or actions.

Issues (2)

  • E005 (CRITICAL): Suspicious download URL detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: CRITICAL
  • Analyzed: Mar 16, 2026, 03:03 AM
  • Issues: 2